According to the National Cyber Security Centre https://ncsc.gov.uk, passkeys are the future, and their article at https://www.ncsc.gov.uk/news/ncsc-leave-passwords-in-the-past-passkeys-are-the-future helps to explain the background. As always, do check with your IT support provider before making any changes to your systems.
Data Protection
AI-generated Subject Access Requests
A client recently received a DSAR that was 4 pages long (the request and not the response!) and which was obviously AI generated. It is likely that we might all see more of these but do remember that you are responsible for deciding what elements are in scope and what should be provided. The ICO’s […]
ICO statement on age assurance
The ICO has published a statement on age assurance and its commitment to ensuring that the internet is a privacy-friendly and safe place for children. You can read it at https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2026/05/ico-statement-on-age-assurance/, and it prompted us to ask two questions: Do remember that the ICO has also published its Children’s Code at https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/childrens-information/childrens-code-guidance-and-resources/.
Case studies on talking to children about data privacy
The ICO has published some case studies with top tips on talking to children about online privacy, and perhaps these are worth sharing with your staff and volunteers. You can find out more at https://ico.org.uk/switched-on-to-privacy/case-studies/.
One month until data protection complaints process is mandatory
UK businesses have under one month to put a data protection complaints process in place, before new legal requirements come into force on 19 June 2026. From that date, all organisations will be legally required to handle data protection complaints under the Data (Use and Access) Act 2025. We recommend that you read the ICO’s […]